Provide a way to refresh token for Auth Webhook #996

Closed
hackerwins opened this issue Sep 3, 2024 · 3 comments · Fixed by yorkie-team/yorkie-js-sdk#911
Labels: enhancement 🌟 (New feature or request), sdk ⚒️


@hackerwins
Member

Description:

We have added the auth webhook feature in #188, which allows the Client to verify whether it has access rights to a specific Document. The current implementation only utilizes the initially provided token for authentication, and there is no functionality for token refresh once it expires.

(5) response the request  (4) handle the request
     ┌─────────────────┐  ┌──┐
     │                 │  │  │   (3) response
     ▼                 │  ▼  │    - allowed
 ┌──────┐             ┌┴─────┤    - reason   ┌──────────────┐
 │Client├────────────►│Server│◄──────────────┤Outside Server│
 └──────┘ (1)request  └────┬─┘               └──────────────┘
           - token         │                      ▲
           - dockey        └──────────────────────┘
                               (2) call webhook
                                - token
                                - dockey
                                - verb: r or rw

To enhance the user experience, I propose implementing a token refresh mechanism. This would involve two key components:

  • A. Server: After calling the Auth Webhook, if the token has expired, it should notify the Client of the token expiration.
  • B. Client: Upon receiving the expiration event from the Server, the Client should provide an interface that allows the injection of a refreshed token (similar to an auth callback).

Related to #188 (comment)
Related to yorkie-team/codepair#160

Why:

Implementing this token refresh mechanism will ensure that users can maintain their sessions without interruptions, thereby providing a seamless and continuous experience while working with the Client.

@krapie
Member

krapie commented Sep 5, 2024

@xet-a Seems like this issue is somewhat similar to your previous refresh token work on CodePair?

@xet-a

xet-a commented Sep 12, 2024

I'm interested in this issue. Can I try this?

@krapie
Member

krapie commented Sep 12, 2024

@xet-a Assigned 😄

@devleejb devleejb moved this from Backlog to In progress in Yorkie Project Sep 15, 2024
hackerwins added a commit that referenced this issue Nov 1, 2024
This change enhances the webhook response format to provide more granular error
handling while maintaining the existing response body structure {allowed: bool,
reason: string}. The implementation adds standard HTTP status codes:

- 200 OK: Request allowed
- 401 Unauthorized: Invalid/missing token, indicating need for token refresh
- 403 Forbidden: Valid token but insufficient permissions

This distinction enables clients to better handle authentication vs authorization
scenarios. A follow-up change will be needed to implement token refresh 
functionality (see #996).

---------

Co-authored-by: Youngteac Hong <susukang98@gmail.com>
@github-project-automation github-project-automation bot moved this from In progress to Done in Yorkie Project Nov 7, 2024
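
The 200/401/403 split from the commit message above, paired with the client-side refresh callback proposed in the issue, as an added example that is not code from Yorkie or its SDK. `authWebhook`, `requestWithRefresh`, `tokenProvider`, the reason strings and the token table are hypothetical names and constructed data.

```javascript
// Added example; every name below is hypothetical, not Yorkie's API.
// Constructed token store standing in for the outside server's own records.
// Maps (not plain objects) so a token like "constructor" cannot match.
const TOKENS = new Map([
  ['tok-old', { exp: 1000, docs: new Map([['doc-1', 'rw']]) }],
  ['tok-new', { exp: 5000, docs: new Map([['doc-1', 'rw'], ['doc-2', 'r']]) }],
]);

const deny = (status, reason) => ({ status, body: { allowed: false, reason } });

// Outside-server side: decide on (token, dockey, verb) and answer with the
// status codes from the commit message plus the {allowed, reason} body.
function authWebhook({ token, dockey, verb }, now) {
  const entry = TOKENS.get(token);
  if (!entry) return deny(401, 'invalid or missing token');
  if (now >= entry.exp) return deny(401, 'token expired');
  const granted = entry.docs.get(dockey); // 'r', 'rw' or undefined
  // Fail closed: an unrecognised verb matches neither branch.
  const ok = (verb === 'r' && (granted === 'r' || granted === 'rw')) ||
             (verb === 'rw' && granted === 'rw');
  if (!ok) return deny(403, 'insufficient permission');
  return { status: 200, body: { allowed: true, reason: '' } };
}

// Client side: on 401, ask the injected callback for a fresh token and retry.
// Retries are bounded so a broken token source cannot loop forever, and 403
// is never retried: the token was accepted, so a new one changes nothing.
async function requestWithRefresh(send, tokenProvider, req, maxRefresh = 1) {
  let token = await tokenProvider(null); // null: initial token, no failure yet
  for (let attempt = 0; ; attempt++) {
    const res = await send({ ...req, token });
    if (res.status !== 401 || attempt >= maxRefresh) {
      return { ...res, refreshes: attempt };
    }
    token = await tokenProvider(res.body.reason);
  }
}
```

Here `send` is whatever transport carries the request to the server; in the test it calls `authWebhook` directly with a fixed clock value.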